Cyberterrorism, Research Paper Example

Introduction

According to the Center for Strategic and International Studies, cyberterrorism, first described in the mid 1980’s as a “transcendence from the physical to the virtual realm” of computers and the Internet, is the application of “computer network tools to shut down critical national infrastructures,” such as energy, transportation, and federal and state government operations, or to “coerce or intimidate a government or civilian population” by either threatening or actually implementing a cyber attack. Similarly, William L. Tafoya, a former FBI Special Agent and professor of Information Protection and Security at the University of New Haven, defines cyberterrorism as the “intimidation of civilian enterprises through the use of high technology” in order to propagate political, religious, or ideological goals via specific actions that often result in the disablement or complete deletion of critical infrastructure data and information (2011).

For today’s business or governmental enterprises, cyberterrorism can manifest itself in various ways and through a multitude of methodologies. Basically, there are three types or levels of cyberterrorism–1), the unstructured approach or conducting simple hacks against a person or an enterprise via computer tools specially designed to disrupt a computer system, such as utilizing trojan horses and other kinds of computer viruses; 2), the advanced structured approach which attacks a myriad of computer systems and/or computer networks via highly specialized hacking elements or tools; and 3), the complex-coordinated approach which is utilized by individuals with expansive knowledge on computer systems and/or networks. This method is undoubtedly the most intrusive, due to having the ability to greatly disrupt a computer system, such as utilized by the U.S. military and defense organizations. Moreover, this method is preferred by organized terrorist organizations that use sophisticated computer hacking schemes to disrupt if not destroy vital computer-based information and data (Jalil, 2003, p. 7).

Sources of Cyberterrorism

As noted by the U.S. Department of Homeland Security, there are currently five major sources for cyberterrorism attacks that can negatively affect the computer systems of an enterprise–1), national governments via threats ranging from “propaganda and low-level nuisance web page defacements to espionage” and the total disruption of extensive infrastructures, such as disrupting the national electrical grid that provides electrical power; 2), individual terrorists and terrorist organizations via threats to the general U.S. civilian population, such as attempting to weaken vital security networks related to the economy and the military; 3), industrial spies and organized criminal groups via an ability to “conduct industrial espionage and large-scale monetary theft” through the assistance of a hacker with special technical knowledge; 4), hacktivists or “politically active hackers with anti-American motives” via the use of propaganda; and 5), individual hackers which includes worm and virus creators and professional hackers that are paid to disrupt computer systems and/or networks (Cyber Threat Source Descriptions, 2005).

There are also a number of threats related to CS networks or SMS Gateways. As described by the General Accounting Office, these threats includes bot-network operators that coordinate attacks; foreign intelligence services that utilize “cyber tools as part of their information-gathering and espionage activities;” phishers that attempt to steal identities or information for profit; spammers, being either individuals or groups that “distribute unsolicited e-mail with hidden or false information;” and lastly, spyware and malware creators via computer viruses and worms with the goal being to disrupt or destroy computer files and hard drives (Cyber Threat Source Descriptions, 2005).

Preventing Cyberterrorism Attacks and Strategies

In order to prevent cyberterrorism attacks, there are a number of effective and highly-specialized tools and techniques currently available to business enterprises and state and federal government organizations. First, the application of vital security measures which includes firewalls, intrusion detection systems (IDS), and anti-virus software systems. According to the SANS Institute, enterprises and other organizations are strongly encourage to utilize “network and host-based intrusion detection systems” which have been designed to “record, monitor, and report all suspicious activities” within an organization’s computer network via a forensic analysis (Jalil, 2003, p. 12).

As to effective strategies related to preventing cyberterrorism attacks, the SANS Institute recommends that enterprises and organizations adopt all or most of the following strategic operations–1), the pursuit and prosecution of cyberterrorism perpetrators which in effect helps to lower attack incidences as a deterrent; 2), the adoption of “existing international standard guidelines for information security” via the International Organization for Standardization or the British Standards Institution; 3), becoming more proactive by “keeping up-to-date on the latest information related to threats, vulnerabilities, and incidents;” 4), the creation of a business continuity and disaster recovery plan which can be utilized in case of a cyber attack; 5), the establishment of a working relationship with organizations that deal specifically with cyberterrorism attacks and issues; and 6), an increase in the awareness of the existence of cyberterrorism via an educational program developed for enterprise employees and their supervisors (Jalil, 2003, pp. 11-12).

References

Cyber threat source descriptions. (2005). Retrieved from http://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions

Jalil, S.A. (2003). Countering cyber terrorism effectively: Are we ready to rumble? Retrieved from http://www.giac.org/paper/gsec/3108/countering-cyber-terrorism-effectively-ready-rumble/105154

Tafoya, W.L. (2011). Cyber terror. Retrieved from http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/november-2011/cyber-terror